A method includes receiving an authorization request for a purchase transaction, and determining whether the authorization request arose from proximity-reading a proximity payment device. The method further includes mapping a first account number included in the authorization request into a second account number associated with the first account number if it is determined that the authorization request arose from proximity-reading a proximity payment device and if the first account number is qualified for mapping. In addition, the method includes transmitting the authorization request to an issuer financial institution with the second account number substituted for the first account number in the authorization request.
Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method comprising: generating a transaction security code in a proximity payment device; receiving, by a computer, an authorization request for a purchase transaction, the authorization request including the transaction security code read from the proximity payment device by a proximity reader of a point of sale terminal and an indication that the purchase transaction was initiated by proximity-reading the proximity payment device; determining that the purchase transaction is eligible for security code checking based on whether an account number included in the authorization request is in a proximity-device-only eligible account number range; determining, by the computer, that the purchase transaction was initiated by proximity-reading the proximity payment device based on the indication included in the authorization request; determining by the computer that the transaction security code included in the authorization request is valid; and relaying the authorization request from the computer to an issuer financial institution with an indication as to whether the transaction security code is valid.
A method for securing payment transactions using a computer: The computer receives an authorization request for a purchase, including a transaction security code read from a contactless payment device by a point-of-sale terminal. The request also indicates it was initiated by "tapping" the payment device. The computer determines if the transaction is eligible for security code checking based on whether the card's account number is designated for "proximity-device-only" use. If eligible, the computer validates the transaction security code. Finally, the computer relays the authorization request to the card issuer, indicating whether the security code is valid. The security code is generated by the contactless payment device.
2. The method of claim 1 , wherein said determining that said transaction security code is valid includes performing a cryptographic calculation.
The method described above, where determining the validity of the security code involves performing a cryptographic calculation on the transaction security code.
3. The method of claim 2 , wherein the cryptographic calculation comprises a plurality of inputs, said inputs including: (a) a cryptographic key associated with the proximity payment device; (b) a transaction count value regenerated by using at least one transaction count digit included in the authorization request; and (c) an unpredictable number generated for the transaction by a point of sale terminal and included in the authorization request.
The method described above where determining the validity of the security code includes performing a cryptographic calculation. This calculation uses multiple inputs: (a) a cryptographic key specific to the contactless payment device used in the transaction; (b) a transaction count value reconstructed from digits within the authorization request; and (c) a random, unpredictable number generated by the point-of-sale terminal for this specific transaction which is also included in the authorization request.
4. The method of claim 1 , wherein said determining that the transaction security code included in the authorization request is valid includes performing a cryptographic calculation.
The method described above where determining the validity of the security code involves performing a cryptographic calculation on the transaction security code.
5. The method of claim 1 , wherein determining that the purchase transaction is eligible for security code checking based on whether an account number included in the authorization request is in a proximity-device-only eligible account number range is determined before determining that the transaction security code included in the authorization request is valid.
The method described above where determining if a transaction is eligible for security code checking, based on whether the account number is in the proximity-device-only range, is performed *before* validating the transaction security code.
6. An apparatus comprising: a processor; and a memory in communication with the processor and storing program instructions, the processor operative with the program instructions to: receive an authorization request for a purchase transaction, the authorization request including a transaction security code read from a proximity payment device by a proximity reader of a point of sale terminal and an indication that the purchase transaction was initiated by proximity-reading a proximity payment device; determine that the transaction security code included in the authorization request is valid; determine that the purchase transaction is eligible for security code checking based on whether an account number included in the authorization request is in a proximity-device-only eligible account number range; determine that the purchase transaction was initiated by proximity-reading the proximity payment device based on the indication included in the authorization request; and relay the authorization request to an issuer financial institution with an indication as to whether the transaction security code is valid; wherein the transaction security code was generated in a proximity payment device that was read by a point of sale terminal.
An apparatus (a computer system) for securing payment transactions including a processor and memory. The system receives an authorization request for a purchase transaction including a transaction security code read from a contactless payment device by a point-of-sale terminal, and an indication that the purchase was initiated by "tapping." The system validates the transaction security code. It also checks if the account number is in a "proximity-device-only" range, which determines eligibility for the security check. The system relays the authorization request to the card issuer, indicating whether the security code is valid. The transaction security code was originally generated within the contactless payment device.
7. The apparatus of claim 6 , wherein said determining that said transaction security code is valid includes performing a cryptographic calculation.
The apparatus described above where determining the validity of the security code involves performing a cryptographic calculation on the transaction security code.
8. The apparatus of claim 6 , wherein said determining that the transaction security code included in the authorization request is valid includes performing a cryptographic calculation.
An apparatus is designed to prevent fraud in payment processing transactions. It consists of a processor and memory, which are programmed to perform several steps: 1. **Receive Authorization Request:** The apparatus receives a request for a purchase transaction. This request includes a transaction security code (generated by a proximity payment device and read by a point-of-sale terminal's proximity reader) and an indication that the transaction was initiated by proximity-reading the device. 2. **Determine Eligibility:** It checks if the purchase transaction is eligible for security code checking. This is done by verifying if the account number in the authorization request is within a predefined range for proximity-device-only accounts. 3. **Confirm Proximity Initiation:** It verifies, based on the indication in the request, that the transaction was indeed initiated by proximity-reading the payment device. 4. **Validate Security Code:** The apparatus determines if the transaction security code included in the authorization request is valid by performing a cryptographic calculation. 5. **Relay Request:** Finally, it relays the authorization request to the issuer financial institution, including an indication of whether the transaction security code was found to be valid. ERROR (embedding): Error: Failed to save embedding: Could not find the 'embedding' column of 'patent_claims' in the schema cache
9. The apparatus of claim 6 , wherein the cryptographic calculation comprises a plurality of inputs, said inputs including: (a) a cryptographic key associated with the proximity payment device; (b) a transaction count value regenerated by using at least one transaction count digit included in the authorization request; and (c) an unpredictable number generated for the transaction by a point of sale terminal and included in the authorization request.
The apparatus described above where determining the validity of the security code includes performing a cryptographic calculation. This calculation uses multiple inputs: (a) a cryptographic key specific to the contactless payment device used in the transaction; (b) a transaction count value reconstructed from digits within the authorization request; and (c) a random, unpredictable number generated by the point-of-sale terminal for this specific transaction and included in the authorization request.
10. The apparatus of claim 6 , wherein the processor determines that the purchase transaction is eligible for security code checking based on whether the account number included in the authorization request is in a proximity-device-only eligible account number range before determining that the transaction security code included in the authorization request is valid.
The apparatus described above determines if a transaction is eligible for security code checking, based on whether the account number is in the proximity-device-only range, *before* validating the transaction security code.
11. A method comprising: receiving, by a computer, an authorization request for a purchase transaction, the authorization request including a transaction security code read from a proximity payment device by a proximity reader of a point of sale terminal and an indication that the purchase transaction was initiated by proximity-reading a proximity payment device; determining that the purchase transaction is eligible for security code checking based on whether an account number included in the authorization request is in a proximity-device-only eligible account number range; determining, by the computer, that the purchase transaction was initiated by proximity-reading the proximity payment device based on the indication included in the authorization request; determining, by the computer, that the transaction security code included in the authorization request is valid; if said transaction security code is determined not to be valid, (a) declining, by the computer, the authorization request, and (b) sending a message from the computer to an issuer financial institution to report said declined authorization request; and if said transaction security code is determined to be valid, relaying the authorization request from the computer to the issuer financial institution with an indication that the transaction security code is valid; wherein the transaction security code generated in a proximity payment device read by a point of sale terminal.
A method for securing payment transactions: A computer receives an authorization request for a purchase including a transaction security code read from a contactless payment device, and an indication that it was initiated by "tapping." The system determines if the account number is in a "proximity-device-only" range to determine eligibility for security checking. The computer then validates the transaction security code. If the security code is *invalid*, the computer declines the authorization request and sends a message to the card issuer reporting the declined request. If the security code is *valid*, the system relays the authorization request to the issuer, indicating the security code is valid. The transaction security code was generated within the contactless payment device.
12. The method of claim 11 , wherein said determining whether said transaction security code is valid includes performing a cryptographic calculation.
The method described above where determining the validity of the security code involves performing a cryptographic calculation on the transaction security code.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
January 10, 2012
August 20, 2013
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.